Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
- latest installed via docker-compose
Describe the issue:
I installed latest version of opensearch and dashboard using docker compose on 19/sept 2024.
New localhost test instance.
I cannot curl to the API, get a 401.
% echo $OPENSEARCH_INITIAL_ADMIN_PASSWORD
myStrongPassword123@456
% curl -kv https://localhost:9200 -u admin:${OPENSEARCH_INITIAL_ADMIN_PASSWORD}
* Host localhost:9200 was resolved.
* IPv6: ::1
* IPv4: 127.0.0.1
* Trying [::1]:9200...
* Connected to localhost (::1) port 9200
* ALPN: curl offers h2,http/1.1
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Request CERT (13):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Certificate (11):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-AES256-GCM-SHA384 / [blank] / UNDEF
* ALPN: server did not agree on a protocol. Uses default.
* Server certificate:
* subject: CN=localhost
* start date: Sep 18 23:58:42 2024 GMT
* expire date: Sep 18 23:58:42 2025 GMT
* issuer: CN=localhost
* SSL certificate verify result: self signed certificate (18), continuing anyway.
* using HTTP/1.x
* Server auth using Basic with user 'admin'
> GET / HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46bXlTdHJvbmdQYXNzd29yZDEyM0A0NTY=
> User-Agent: curl/8.7.1
> Accept: */*
>
* Request completely sent off
< HTTP/1.1 401 Unauthorized
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="OpenSearch Security"
< content-type: text/plain; charset=UTF-8
< content-length: 12
<
* Connection #0 to host localhost left intact
Unauthorized%
Configuration:
Here’s my docker-compose.yml file:
version: ‘3’
services:
opensearch-node1:
image: opensearchproject/opensearch:2.8.0
container_name: opensearch-node1
environment:
# - discovery.type=single-node
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
- discovery.seed_hosts=opensearch-node1
- cluster.initial_cluster_manager_nodes=opensearch-node1
- bootstrap.memory_lock=true
- “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m”
- “OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}”
- plugins.security.ssl.http.enabled=true
- plugins.security.ssl.http.pemcert_filepath=certs/opensearch-cert.pem
- plugins.security.ssl.http.pemkey_filepath=certs/opensearch-key.pem
- plugins.security.ssl.http.pemtrustedcas_filepath=certs/opensearch-cert.pem
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
hard: 65536
volumes:
- opensearch-data:/usr/share/opensearch/data
- ./certs:/usr/share/opensearch/config/certs # Mount your certificate
ports:
- 9200:9200
- 9600:9600 # required for Performance Analyzer
networks:
- opensearch-net
opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:2.8.0
container_name: opensearch-dashboards
ports:
- 5601:5601
expose:
- “5601”
environment:
OPENSEARCH_HOSTS: ‘[“https://opensearch-node1:9200”]’
networks:
- opensearch-net
redis:
image: redis:latest
container_name: redis
environment:
- REDIS_REPLICATION_MODE=none
volumes:
- redis-data:/data
ports:
- 6379:6379
networks:
- opensearch-net
volumes:
opensearch-data:
redis-data:
networks:
opensearch-net:
**Relevant Logs or Screenshots**:
I also tried with the following docker-compose it makes no difference.
version: ‘3’
services:
opensearch-node1:
image: opensearchproject/opensearch:2.8.0
container_name: opensearch-node1
environment:
# - discovery.type=single-node
- cluster.name=opensearch-cluster
- node.name=opensearch-node1
- discovery.seed_hosts=opensearch-node1
- cluster.initial_cluster_manager_nodes=opensearch-node1
- bootstrap.memory_lock=true
- “OPENSEARCH_JAVA_OPTS=-Xms512m -Xmx512m”
- “OPENSEARCH_INITIAL_ADMIN_PASSWORD=${OPENSEARCH_INITIAL_ADMIN_PASSWORD}”
# - plugins.security.ssl.http.enabled=true
# - plugins.security.ssl.http.pemcert_filepath=certs/opensearch-cert.pem
# - plugins.security.ssl.http.pemkey_filepath=certs/opensearch-key.pem
# - plugins.security.ssl.http.pemtrustedcas_filepath=certs/opensearch-cert.pem
ulimits:
memlock:
soft: -1
hard: -1
nofile:
soft: 65536 # maximum number of open files for the OpenSearch user, set to at least 65536 on modern systems
hard: 65536
volumes:
- opensearch-data:/usr/share/opensearch/data
# - ./certs:/usr/share/opensearch/config/certs # Mount your certificate
ports:
- 9200:9200
- 9600:9600 # required for Performance Analyzer
networks:
- opensearch-net
opensearch-dashboards:
image: opensearchproject/opensearch-dashboards:2.8.0
container_name: opensearch-dashboards
ports:
- 5601:5601
expose:
- “5601”
environment:
OPENSEARCH_HOSTS: ‘[“https://opensearch-node1:9200”]’
networks:
- opensearch-net
redis:
image: redis:latest
container_name: redis
environment:
- REDIS_REPLICATION_MODE=none
volumes:
- redis-data:/data
ports:
- 6379:6379
networks:
- opensearch-net
volumes:
opensearch-data:
redis-data:
networks:
opensearch-net: